From 94132170c13115391a8f22ce588e8bf2fe50e34a Mon Sep 17 00:00:00 2001 From: Fabian Freyer Date: Thu, 22 Oct 2020 16:35:28 +0200 Subject: [PATCH] Debrand: add the branding config variable --- app/templates/base.html | 2 +- app/user/helpers.py | 12 ++++++------ config.py | 13 +++++++++++-- docker-compose.yml | 8 ++++---- docker.md | 14 +++++++------- docker/bootstrap_openldap/acl.ldif | 12 ++++++------ docker/bootstrap_openldap/ldif/bootstrap.ldif | 10 +++++----- docker/test.conf | 6 +++--- manage.py | 2 +- 9 files changed, 44 insertions(+), 35 deletions(-) diff --git a/app/templates/base.html b/app/templates/base.html index 1f76832..2c0bc3a 100644 --- a/app/templates/base.html +++ b/app/templates/base.html @@ -18,7 +18,7 @@ - ZaPF-Auth + {{config["BRANDING"]}} diff --git a/app/user/helpers.py b/app/user/helpers.py index 8acc3bd..805406b 100644 --- a/app/user/helpers.py +++ b/app/user/helpers.py @@ -4,7 +4,7 @@ def send_password_reset_mail(user): msg = Message( - "ZaPF-Auth-System: Passwort zurücksetzen", + f"{current_app.config['BRANDING']}: Passwort zurücksetzen", recipients=[user.mail], sender=current_app.config["MAIL_DEFAULT_SENDER"], ) @@ -24,8 +24,8 @@ def send_password_reset_mail(user): Der Link ist für 1 Tag gültig. Viele Grüße -Dein ZaPF-Auth-System""".format( - user, url +Dein {2}}""".format( + user, url, current_app.config["BRANDING"] ) current_app.mail.send(msg) @@ -33,7 +33,7 @@ def send_password_reset_mail(user): def send_confirm_mail(user): msg = Message( - "ZaPF-Auth-System: E-Mail bestätigen", + f"{current_app.config['BRANDING']}: E-Mail bestätigen", recipients=[user.mail], sender=current_app.config["MAIL_DEFAULT_SENDER"], ) @@ -53,8 +53,8 @@ def send_confirm_mail(user): Der Link ist für 1 Tag gültig. Viele Grüße -Dein ZaPF-Auth-System""".format( - user, url +Dein {2}}""".format( + user, url, current_app.config["BRANDING"] ) current_app.mail.send(msg) diff --git a/config.py b/config.py index 05818ad..92c4d58 100644 --- a/config.py +++ b/config.py 
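Review bot: The reset-mail body now ends in `Dein {2}}`, and the stray closing brace makes `str.format` raise `ValueError: Single '}' encountered in format string`, so send_password_reset_mail dies before `current_app.mail.send(msg)` and no reset link is ever delivered. The third positional argument is wired correctly; only the template is wrong, so the line should read `Dein {2}"""`. send_password_reset_mail starts in the previous hunk, where the subject was switched to an f-string; reading `branding = current_app.config["BRANDING"]` once at the top of the function and using it in both subject and body would keep the two consistent and drop the positional index. A unit test that renders the body with a stub user would have caught this before merge.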
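Review bot: send_confirm_mail carries the same unbalanced brace as the reset mail: `Dein {2}}""".format(user, url, current_app.config["BRANDING"])` raises `ValueError` from `str.format` at runtime, so the confirmation mail is never sent and e-mail verification is broken until the line becomes `Dein {2}"""`. Since the subject in the hunk above already uses an f-string, a single `branding = current_app.config["BRANDING"]` bound at the start of the function and referenced in both places would remove the index arithmetic that caused the slip. The function's header lies outside this hunk.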
@@ -6,6 +6,7 @@ class Config: FLASK_COVERAGE = 0 MOCKSERVER = False + BRANDING = "Auth" LDAP_HOST = "localhost" LDAP_PORT = 8369 LDAP_BASE_DN = "dc=my-domain,dc=com" @@ -34,8 +35,7 @@ class Config: ] MAIL_USE_TLS = True - MAIL_DEFAULT_SENDER = "topf@zapf.in" - MAIL_NEXT_ZAPF_ORGA = "topf@zapf.in" + MAIL_DEFAULT_SENDER = "mail@example.com" CACHE_TYPE = "simple" @@ -50,11 +50,20 @@ def init_app(app): class DevelopmentConfig(Config): + print(" * Using development config!") + SECRET_KEY = "secrets" DEBUG = True RECAPTCHA_PUBLIC_KEY = "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI" RECAPTCHA_PRIVATE_KEY = "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe" RECAPTCHA_USE_SSL = False + + LDAP_BASE_DN = "dc=example,dc=com" + LDAP_BIND_USER_DN = "uid=auth,dc=example,dc=com" + LDAP_BIND_USER_PASSWORD = "test" + import ldap3 + + PASSWORD_HASHING_FUNC = ldap3.HASHED_SALTED_SHA # MOCKSERVER = True diff --git a/docker-compose.yml b/docker-compose.yml index 9f1e8f5..a71e101 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,8 +3,8 @@ services: openldap: image: osixia/openldap environment: - LDAP_ORGANISATION: "ZaPF" - LDAP_DOMAIN: "zapf.in" + LDAP_ORGANISATION: "Example Org." + LDAP_DOMAIN: "example.com" LDAP_BACKEND: "mdb" expose: - "389" @@ -22,9 +22,9 @@ services: command: --copy-service auth: build: . - image: zapf-auth:latest + image: auth:latest ports: - - "80" + - "5000:80" volumes: - type: bind source: ./docker/auth.conf diff --git a/docker.md b/docker.md index b43b6c8..b90fb42 100644 --- a/docker.md +++ b/docker.md @@ -13,7 +13,7 @@ An OpenLDAP server is provided using the [osixia/openldap] docker image. **Make sure to change the passwords for the following default accounts:** -The admin DN for the main tree at `dc=zapf,dc=in` is `cn=admin,dc=zapf,dc=in` +The admin DN for the main tree at `dc=example,dc=com` is `cn=admin,dc=example,dc=com` with the password specified in `LDAP_ADMIN_PASSWORD` environment variable. This defaults to `admin`. 
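Review bot: `MAIL_NEXT_ZAPF_ORGA` is deleted from `Config`, but nothing in the patch removes whatever read it; if a view or helper still does `current_app.config["MAIL_NEXT_ZAPF_ORGA"]`, that now fails with KeyError at request time instead of at startup. Grep the app for the key before merging, or keep a debranded replacement such as `MAIL_CONTACT = MAIL_DEFAULT_SENDER` so existing readers keep working.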
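Review bot: The `print(" * Using development config!")` added in the body of `DevelopmentConfig` executes when config.py is imported, not when that class is selected, so the message appears under every configuration, including production, and is misleading there; move it into `init_app` (visible as context) or into whatever code picks the config. The same hunk leaves `SECRET_KEY = "secrets"` and `LDAP_BIND_USER_PASSWORD = "test"` next to `DEBUG = True`, which is acceptable only if this class can never be the one a deployed instance runs with — the manage.py change in this patch hardcodes "development", so that assumption should be confirmed. A comment such as `# Dev-only literals: a known SECRET_KEY forges sessions, never reuse outside local development` above them would make the intent explicit to the next maintainer. `import ldap3` inside the class body also turns `ldap3` into a class attribute; a module-level import keeps the class a plain config.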
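Review bot: `- "5000:80"` publishes the container on port 5000 of every host interface (Docker binds 0.0.0.0 and installs its own iptables rules ahead of most host firewalls), so a machine running this compose file exposes the auth app to its whole network. If this file is intended for local development, as the fixed host port suggests, bind to loopback with `- "127.0.0.1:5000:80"` and leave wide exposure to a production override. The move from the bare `"80"` (random host port) to an explicit mapping is otherwise an improvement.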
@@ -21,7 +21,7 @@ The admin DN for the config tree at `cn=config` is `cn=admin,cn=config` with the password specified in `LDAP_CONFIG_PASSWORD`. This defaults to `config`. -The bind user for the auth application is `uid=zapf-auth,dc=zapf,dc=in`. +The bind user for the auth application is `uid=auth,dc=example,dc=com`. The password is specified in the [`docker/bootstrap_openldap/ldif/bootstrap.ldif`] file. This defaults to `test`. @@ -29,8 +29,8 @@ When changing this password, hash it using `slappasswd`. ### Tree Structure -The OU entries for `ou=people,dc=zapf,dc=in`, `ou=groups,dc=zapf,dc=in` and -`ou=oauth,dc=zapf,dc=in` are created on startup. +The OU entries for `ou=people,dc=example,dc=com`, `ou=groups,dc=example,dc=com` and +`ou=oauth,dc=example,dc=com` are created on startup. ## App configuration @@ -46,8 +46,8 @@ BOOTSTRAP_SERVE_LOCAL = True # LDAP LDAP_HOST = 'openldap' LDAP_PORT = 389 -LDAP_BASE_DN = 'dc=zapf,dc=in' -LDAP_BIND_USER_DN = 'uid=zapf-auth,dc=zapf,dc=in' +LDAP_BASE_DN = 'dc=example,dc=com' +LDAP_BIND_USER_DN = 'uid=auth,dc=example,dc=com' LDAP_BIND_USER_PASSWORD = 'test' import ldap3 PASSWORD_HASHING_FUNC = ldap3.HASHED_SALTED_SHA @@ -62,7 +62,7 @@ MAIL_SERVER='smtp.example.org' MAIL_PORT=465 MAIL_USE_TLS = False MAIL_USE_SSL=True -MAIL_USERNAME='zapf-auth-sender' +MAIL_USERNAME='auth-sender' MAIL_PASSWORD='CHANGEME' # To prevent open redirects in OAuth logout diff --git a/docker/bootstrap_openldap/acl.ldif b/docker/bootstrap_openldap/acl.ldif index 3ea6a79..ab70e32 100644 --- a/docker/bootstrap_openldap/acl.ldif +++ b/docker/bootstrap_openldap/acl.ldif 
@@ -5,9 +5,9 @@ delete: olcAccess add: olcAccess olcAccess: {0}to dn.exact="" by * read olcAccess: {1}to dn.base="cn=Subschema" by * read -olcAccess: {2}to attrs=userpassword by self =xw by dn.base="uid=zapf-auth,dc=zapf,dc=in" break by anonymous auth by * none -olcAccess: {3}to dn.subtree="ou=users,dc=zapf,dc=in" by self write by dn.base="uid=zapf-auth,dc=zapf,dc=in" write by dn.subtree="ou=users,dc=zapf,dc=in" search -olcAccess: {4}to dn.children="ou=groups,dc=zapf,dc=in" attrs=cn,entry by dn.base="uid=zapf-auth,dc=zapf,dc=in" break by dnattr=member read -olcAccess: {5}to dn.subtree="ou=groups,dc=zapf,dc=in" by dn.base="uid=zapf-auth,dc=zapf,dc=in" write by dn.subtree="ou=users,dc=zapf,dc=in" search -olcAccess: {6}to dn.subtree="ou=oauth2,dc=zapf,dc=in" by dn.base="uid=zapf-auth,dc=zapf,dc=in" write -olcAccess: {7}to dn.subtree="dc=zapf,dc=in" by dn.base="uid=zapf-auth,dc=zapf,dc=in" search +olcAccess: {2}to attrs=userpassword by self =xw by dn.base="uid=auth,dc=example,dc=com" break by anonymous auth by * none +olcAccess: {3}to dn.subtree="ou=users,dc=example,dc=com" by self write by dn.base="uid=auth,dc=example,dc=com" write by dn.subtree="ou=users,dc=example,dc=com" search +olcAccess: {4}to dn.children="ou=groups,dc=example,dc=com" attrs=cn,entry by dn.base="uid=auth,dc=example,dc=com" break by dnattr=member read +olcAccess: {5}to dn.subtree="ou=groups,dc=example,dc=com" by dn.base="uid=auth,dc=example,dc=com" write by dn.subtree="ou=users,dc=example,dc=com" search +olcAccess: {6}to dn.subtree="ou=oauth2,dc=example,dc=com" by dn.base="uid=auth,dc=example,dc=com" write +olcAccess: {7}to dn.subtree="dc=example,dc=com" by dn.base="uid=auth,dc=example,dc=com" search diff --git a/docker/bootstrap_openldap/ldif/bootstrap.ldif b/docker/bootstrap_openldap/ldif/bootstrap.ldif index 2647d3b..bc89146 100644 --- a/docker/bootstrap_openldap/ldif/bootstrap.ldif +++ b/docker/bootstrap_openldap/ldif/bootstrap.ldif 
@@ -1,25 +1,25 @@ -dn: uid=zapf-auth,dc=zapf,dc=in +dn: uid=auth,dc=example,dc=com changetype: add -uid: zapf-auth +uid: auth objectClass: top objectClass: simpleSecurityObject objectClass: account description: Bind user for ZaPF-Auth userPassword: {SSHA}98H1A4YLoIZaceCtVoXIekAalnwlFsQd -dn: ou=groups,dc=zapf,dc=in +dn: ou=groups,dc=example,dc=com changetype: add objectClass: organizationalUnit ou: groups description: Automagically added by quasisentient sanity checks -dn: ou=users,dc=zapf,dc=in +dn: ou=users,dc=example,dc=com changetype: add objectClass: organizationalUnit ou: users description: Automagically added by quasisentient sanity checks -dn: ou=oauth2,dc=zapf,dc=in +dn: ou=oauth2,dc=example,dc=com changetype: add objectClass: organizationalUnit ou: oauth2 diff --git a/docker/test.conf b/docker/test.conf index 1e9c3e6..2ea69c8 100644 --- a/docker/test.conf +++ b/docker/test.conf @@ -5,8 +5,8 @@ BOOTSTRAP_SERVE_LOCAL = True # LDAP LDAP_HOST = 'openldap' LDAP_PORT = 389 -LDAP_BASE_DN = 'dc=zapf,dc=in' -LDAP_BIND_USER_DN = 'uid=zapf-auth,dc=zapf,dc=in' +LDAP_BASE_DN = 'dc=example,dc=com' +LDAP_BIND_USER_DN = 'uid=auth,dc=example,dc=com' LDAP_BIND_USER_PASSWORD = 'test' import ldap3 PASSWORD_HASHING_FUNC = ldap3.HASHED_SALTED_SHA @@ -21,7 +21,7 @@ MAIL_SERVER='smtp.example.org' MAIL_PORT=465 MAIL_USE_TLS = False MAIL_USE_SSL=True -MAIL_USERNAME='zapf-auth-sender' +MAIL_USERNAME='auth-sender' MAIL_PASSWORD='CHANGEME' # To prevent open redirects in OAuth logout diff --git a/manage.py b/manage.py index 4fccdd6..a2fdda6 100755 --- a/manage.py +++ b/manage.py @@ -4,7 +4,7 @@ from flask_migrate import Migrate, MigrateCommand from app.db import db -app = create_app() +app = create_app("development") manager = Manager(app) migrate = Migrate(app, db)
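Review bot: `app = create_app("development")` pins the management script to DevelopmentConfig, which in this same patch carries `DEBUG = True`, `SECRET_KEY = "secrets"` and a literal LDAP bind password; anyone running migrations or `runserver` through manage.py on a non-development host now silently gets those values. If `create_app` previously selected the config from the environment (its default is not visible here), keep that path and only fall back to development: `app = create_app(os.environ.get("FLASK_CONFIG", "development"))`, with `import os` added beside the existing imports.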